# avoid missing field
deny_access if {
    input.access_level < 3
}
deny_access := "Error: access_level missing" if {
    exists(input.access_level)
}

# validate data
policy_allow if {
    input.user.access_level >= 1
}
input_is_valid if {
    is_number(input.user.access_level)
}
allow if {
    policy_allow
    input_is_valid
}
